After publishing raw data sets and engaging with the community within our Internet Scanning efforts labeled Project Sonar, there were several logical next steps and an endless amount of ideas to follow up on. In the first quarter of 2014, we were implementing databases, search engines, and generic trending features on top of the collected data from the project. Several community members, from students to pentesters and researchers, downloaded the data sets and started analysis on their own or used it for their work.
This talk presents the latest results from our efforts, such as investigative tools that allow for correlation of the data sets and a generic trending database that allows us to monitor security improvements by country or industry type.
At the same time, we will present the next scan types we are publishing and would like to bring attention to the new possibilities. We demo example processing and show how to work with the data.
Last but not least we will visit the latest findings in terms of vulnerabilities and misconfigurations that we came across in the deep corners of the internet. For example we will talk about statistics around the SSL heartbleed vulnerability that can be generated from our datasets.
Mark Schloesser is a security researcher at Rapid7, analyzing threats and developing countermeasures to help defenders understand and protect against the risks they face. He is also deeply involved developing open-source software as part of the Honeynet Project and other communities. A strong focus for this has recently been building up the core of Cuckoo Sandbox, an automated malware analysis tool, as well as working on a real-time data-sharing framework. He also is a developer for the Dionaea honeypot and smaller projects such as the HoneyMap. In the 25th and 26th hour of the day, he likes reverse engineering malware and botnets and participating in CTF competitions. In case you need some help on an interesting project, he easily gets excited and involved if you netcat him @repmovsb.